From 93690116733ec043d492f7355fa08f571456d031 Mon Sep 17 00:00:00 2001 From: Patrick Dillon Date: Fri, 16 Jan 2026 13:26:13 -0500 Subject: [PATCH 1/4] pkg/types: remove cluster-api-provider-azure This commit removes cluster-api-provider-azure packages from pkg/types. pkg/types is the installer API, imported by other pacakges. The capi v1.11, v1beta2 inconsistencies between CAPI & its CAPI providers makes vendoring challenging, which is exactly the sort of problem we try to avoid in pkg/types. Therefore this commit backs out CAPZ, and replaces it with local copies. We then need to convert to CAPZ when populating the manifests in pkg/assets. --- pkg/asset/installconfig/azure/metadata.go | 4 +- pkg/asset/installconfig/azure/validation.go | 9 ++- .../installconfig/azure/validation_test.go | 7 +- pkg/asset/machines/azure/azuremachines.go | 16 ++--- pkg/asset/machines/azure/capzconversions.go | 67 ++++++++++++++++++ pkg/asset/machines/azure/machines.go | 19 ++--- pkg/asset/machines/clusterapi.go | 3 +- pkg/asset/machines/worker.go | 5 +- pkg/asset/manifests/azure/cluster.go | 20 +++--- pkg/asset/manifests/cloudproviderconfig.go | 3 +- pkg/types/azure/machinepool.go | 69 +++++++++++++++++-- pkg/types/azure/platform.go | 15 +++- pkg/types/azure/validation/machinepool.go | 17 +++-- .../azure/validation/machinepool_test.go | 17 +++-- pkg/types/azure/validation/platform.go | 5 +- pkg/types/azure/validation/platform_test.go | 5 +- pkg/types/azure/zz_generated.deepcopy.go | 53 ++++++++++++-- pkg/types/conversion/installconfig.go | 5 +- pkg/types/utils.go | 7 +- pkg/types/utils_test.go | 11 ++- pkg/types/validation/featuregate_test.go | 7 +- 21 files changed, 264 insertions(+), 100 deletions(-) create mode 100644 pkg/asset/machines/azure/capzconversions.go diff --git a/pkg/asset/installconfig/azure/metadata.go b/pkg/asset/installconfig/azure/metadata.go index 7311d4a3cfb..fdf7a767245 100644 --- a/pkg/asset/installconfig/azure/metadata.go 
+++ b/pkg/asset/installconfig/azure/metadata.go @@ -6,8 +6,6 @@ import ( "sort" "sync" - "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" - "github.com/openshift/installer/pkg/types" typesazure "github.com/openshift/installer/pkg/types/azure" azuredefaults "github.com/openshift/installer/pkg/types/azure/defaults" @@ -179,7 +177,7 @@ func (m *Metadata) GenerateZonesSubnetMap(subnetSpec []typesazure.SubnetSpec, de return subnetSpec[i].Name < subnetSpec[j].Name }) for _, subnet := range subnetSpec { - if subnet.Role == v1beta1.SubnetNode { + if subnet.Role == typesazure.SubnetNode { computeSubnets = append(computeSubnets, subnet.Name) } } diff --git a/pkg/asset/installconfig/azure/validation.go b/pkg/asset/installconfig/azure/validation.go index 6b4f58a5fe9..a146a54d6a7 100644 --- a/pkg/asset/installconfig/azure/validation.go +++ b/pkg/asset/installconfig/azure/validation.go @@ -17,7 +17,6 @@ import ( "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "github.com/openshift/installer/pkg/types" aztypes "github.com/openshift/installer/pkg/types/azure" @@ -563,9 +562,9 @@ func validateNetworks(client API, p *aztypes.Platform, fieldPath *field.Path) fi var computeSubnetName string var controlPlaneSubnetName string for _, subnet := range p.Subnets { - if subnet.Role == capz.SubnetControlPlane && controlPlaneSubnetName == "" { + if subnet.Role == aztypes.SubnetControlPlane && controlPlaneSubnetName == "" { controlPlaneSubnetName = subnet.Name - } else if subnet.Role == capz.SubnetNode && computeSubnetName == "" { + } else if subnet.Role == aztypes.SubnetNode && computeSubnetName == "" { computeSubnetName = subnet.Name } } 
@@ -954,7 +953,7 @@ func validateBootDiagnostics(client API, ic *types.InstallConfig) (allErrs field func checkBootDiagnosticsURI(client API, diag *aztypes.BootDiagnostics, region string) error { missingErrorMessage := "missing %s for user managed boot diagnostics" errorField := "" - if diag != nil && diag.Type == capz.UserManagedDiagnosticsStorage { + if diag != nil && diag.Type == aztypes.UserManagedDiagnosticsStorage { if diag.StorageAccountName != "" && diag.ResourceGroup != "" { return client.CheckIfExistsStorageAccount(context.TODO(), diag.ResourceGroup, diag.StorageAccountName, region) } @@ -970,7 +969,7 @@ func checkBootDiagnosticsURI(client API, diag *aztypes.BootDiagnostics, region s } // validateSubnetNatGateway checks whether a NAT Gateway is already attached to a compute subnet. -func validateSubnetNatGateway(client API, fieldPath *field.Path, subnet *aznetwork.Subnet, outboundType aztypes.OutboundType, role capz.SubnetRole, resourceGroup, virtualNetwork string) field.ErrorList { +func validateSubnetNatGateway(client API, fieldPath *field.Path, subnet *aznetwork.Subnet, outboundType aztypes.OutboundType, role aztypes.SubnetRole, resourceGroup, virtualNetwork string) field.ErrorList { var allErrs field.ErrorList if outboundType != aztypes.NATGatewayMultiZoneOutboundType && outboundType != aztypes.NATGatewaySingleZoneOutboundType { return allErrs diff --git a/pkg/asset/installconfig/azure/validation_test.go b/pkg/asset/installconfig/azure/validation_test.go index 400eb363792..e22affd2e9b 100644 --- a/pkg/asset/installconfig/azure/validation_test.go +++ b/pkg/asset/installconfig/azure/validation_test.go @@ -14,7 +14,6 @@ import ( "go.uber.org/mock/gomock" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "github.com/openshift/installer/pkg/asset/installconfig/azure/mock" "github.com/openshift/installer/pkg/ipnet" 
@@ -390,7 +389,7 @@ var ( validBootDiagnosticsResourceGroup = "valid-resource-group" validStorageAccountValues = func(ic *types.InstallConfig) { ic.ControlPlane.Platform.Azure.BootDiagnostics = &azure.BootDiagnostics{ - Type: capz.UserManagedDiagnosticsStorage, + Type: azure.UserManagedDiagnosticsStorage, ResourceGroup: validBootDiagnosticsResourceGroup, StorageAccountName: validBootDiagnosticsStorageAccount, } @@ -412,10 +411,10 @@ func validInstallConfig() *types.InstallConfig { DefaultMachinePlatform: &azure.MachinePool{}, Subnets: []azure.SubnetSpec{{ Name: validControlPlaneSubnet, - Role: capz.SubnetControlPlane, + Role: azure.SubnetControlPlane, }, { Name: validComputeSubnet, - Role: capz.SubnetNode, + Role: azure.SubnetNode, }}, }, }, diff --git a/pkg/asset/machines/azure/azuremachines.go b/pkg/asset/machines/azure/azuremachines.go index e9fb2e04039..4a794b7eb60 100644 --- a/pkg/asset/machines/azure/azuremachines.go +++ b/pkg/asset/machines/azure/azuremachines.go @@ -120,7 +120,7 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * // If identity type is UserAssigned, but no identities are provided, the installer // will create one. Populate the manifest with a reference to that identity. - if mpool.Identity.Type == capz.VMIdentityUserAssigned && len(userAssignedIdentities) == 0 { + if mpool.Identity.Type == aztypes.VMIdentityUserAssigned && len(userAssignedIdentities) == 0 { userAssignedIdentities = []capz.UserAssignedIdentity{ { ProviderID: fmt.Sprintf("/subscriptions/%s/resourcegroups/%s/providers/Microsoft.ManagedIdentity/userAssignedIdentities/%s-identity", subscriptionID, resourceGroup, clusterID), 
@@ -137,7 +137,7 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * } if in.Platform.DefaultMachinePlatform != nil && in.Platform.DefaultMachinePlatform.BootDiagnostics != nil { - defaultDiag.Boot.StorageAccountType = in.Platform.DefaultMachinePlatform.BootDiagnostics.Type + defaultDiag.Boot.StorageAccountType = ConvertBootDiagnosticsStorageAccountType(in.Platform.DefaultMachinePlatform.BootDiagnostics.Type) if saURI := bootDiagStorageURIBuilder(in.Platform.DefaultMachinePlatform.BootDiagnostics, session.Environment.StorageEndpointSuffix); saURI != "" { defaultDiag.Boot.UserManaged = &capz.UserManagedBootDiagnostics{ StorageAccountURI: saURI, @@ -149,10 +149,10 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * if mpool.BootDiagnostics != nil { controlPlaneDiag = &capz.Diagnostics{ Boot: &capz.BootDiagnostics{ - StorageAccountType: mpool.BootDiagnostics.Type, + StorageAccountType: ConvertBootDiagnosticsStorageAccountType(mpool.BootDiagnostics.Type), }, } - controlPlaneDiag.Boot.StorageAccountType = mpool.BootDiagnostics.Type + controlPlaneDiag.Boot.StorageAccountType = ConvertBootDiagnosticsStorageAccountType(mpool.BootDiagnostics.Type) if saURI := bootDiagStorageURIBuilder(mpool.BootDiagnostics, session.Environment.StorageEndpointSuffix); saURI != "" { controlPlaneDiag.Boot.UserManaged = &capz.UserManagedBootDiagnostics{ StorageAccountURI: saURI, @@ -191,10 +191,10 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * AcceleratedNetworking: ptr.To(mpool.VMNetworkingType == string(aztypes.VMnetworkingTypeAccelerated) || mpool.VMNetworkingType == string(aztypes.AcceleratedNetworkingEnabled)), }, }, - Identity: mpool.Identity.Type, + Identity: ConvertVMIdentityType(mpool.Identity.Type), UserAssignedIdentities: userAssignedIdentities, Diagnostics: controlPlaneDiag, - DataDisks: mpool.DataDisks, + DataDisks: ConvertDataDisks(mpool.DataDisks), }, } 
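Review bot: In the `@@ -149,10 +149,10` hunk of `GenerateMachines`, `controlPlaneDiag.Boot.StorageAccountType` is set twice to the same converted value: once inside the `capz.BootDiagnostics` literal and again by the assignment right after it. The second statement, `controlPlaneDiag.Boot.StorageAccountType = ConvertBootDiagnosticsStorageAccountType(mpool.BootDiagnostics.Type)`, can be deleted. The duplication predates this commit, but both lines are rewritten here anyway. `GenerateMachines` starts and ends outside the hunk.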
@@ -266,7 +266,7 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * AllocatePublicIP: !in.Private, AdditionalCapabilities: additionalCapabilities, SecurityProfile: securityProfile, - Identity: mpool.Identity.Type, + Identity: ConvertVMIdentityType(mpool.Identity.Type), Diagnostics: controlPlaneDiag, UserAssignedIdentities: userAssignedIdentities, }, @@ -349,7 +349,7 @@ func CapzTagsFromUserTags(clusterID string, usertags map[string]string) (capz.Ta func bootDiagStorageURIBuilder(diag *aztypes.BootDiagnostics, storageEndpointSuffix string) string { storageAccountURI := "https://%s.blob.%s" - if diag.Type == capz.UserManagedDiagnosticsStorage && diag.StorageAccountName != "" { + if diag.Type == aztypes.UserManagedDiagnosticsStorage && diag.StorageAccountName != "" { return fmt.Sprintf(storageAccountURI, diag.StorageAccountName, storageEndpointSuffix) } return "" diff --git a/pkg/asset/machines/azure/capzconversions.go b/pkg/asset/machines/azure/capzconversions.go new file mode 100644 index 00000000000..8c7f68476fb --- /dev/null +++ b/pkg/asset/machines/azure/capzconversions.go 
@@ -0,0 +1,67 @@
+package azure
+
+import (
+ "fmt"
+
+ capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
+
+ "github.com/openshift/installer/pkg/types/azure"
+)
+
+// ConvertVMIdentityType converts the local VMIdentityType to the capz VMIdentity type.
+func ConvertVMIdentityType(id azure.VMIdentityType) capz.VMIdentity {
+ return capz.VMIdentity(id)
+}
+
+// ConvertSubnetRole converts the local SubnetRole to the capz SubnetRole type.
+func ConvertSubnetRole(role azure.SubnetRole) capz.SubnetRole {
+ return capz.SubnetRole(role)
+}
+
+// ConvertBootDiagnosticsStorageAccountType converts the local BootDiagnosticsStorageAccountType
+// to the capz BootDiagnosticsStorageAccountType.
+func ConvertBootDiagnosticsStorageAccountType(t azure.BootDiagnosticsStorageAccountType) capz.BootDiagnosticsStorageAccountType {
+ return capz.BootDiagnosticsStorageAccountType(t)
+}
+
+// ConvertDataDisks converts a slice of local DataDisk to capz DataDisk types.
+func ConvertDataDisks(disks []azure.DataDisk) []capz.DataDisk {
+ if disks == nil {
+ return nil
+ }
+
+ result := make([]capz.DataDisk, len(disks))
+ for i, d := range disks {
+ result[i] = ConvertDataDisk(d)
+ }
+ return result
+}
+
+// ConvertDataDisk converts a local DataDisk to a capz DataDisk.
+func ConvertDataDisk(d azure.DataDisk) capz.DataDisk {
+ disk := capz.DataDisk{
+ NameSuffix: d.NameSuffix,
+ DiskSizeGB: d.DiskSizeGB,
+ Lun: d.Lun,
+ CachingType: d.CachingType,
+ }
+
+ if d.ManagedDisk != nil {
+ disk.ManagedDisk = &capz.ManagedDiskParameters{
+ StorageAccountType: d.ManagedDisk.StorageAccountType,
+ }
+ if d.ManagedDisk.DiskEncryptionSet != nil {
+ disk.ManagedDisk.DiskEncryptionSet = &capz.DiskEncryptionSetParameters{
+ ID: diskEncryptionSetResourceID(d.ManagedDisk.DiskEncryptionSet),
+ }
+ }
+ }
+
+ return disk
+}
+
+// diskEncryptionSetResourceID returns the Azure resource ID for a disk encryption set.
+func diskEncryptionSetResourceID(des *azure.DiskEncryptionSet) string { + return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/diskEncryptionSets/%s", + des.SubscriptionID, des.ResourceGroup, des.Name) +} diff --git a/pkg/asset/machines/azure/machines.go b/pkg/asset/machines/azure/machines.go index fd39d4db5a3..8930a648c9a 100644 --- a/pkg/asset/machines/azure/machines.go +++ b/pkg/asset/machines/azure/machines.go @@ -10,7 +10,6 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" v1 "github.com/openshift/api/config/v1" machinev1 "github.com/openshift/api/machine/v1" @@ -194,7 +193,7 @@ func provider(platform *azure.Platform, mpool *azure.MachinePool, osImage string managedIdentity := "" if len(mpool.Identity.UserAssignedIdentities) > 0 { managedIdentity = mpool.Identity.UserAssignedIdentities[0].ProviderID() - } else if mpool.Identity.Type == capz.VMIdentityUserAssigned { + } else if mpool.Identity.Type == azure.VMIdentityUserAssigned { // In this case, the installer will create the user-assigned identity. managedIdentity = fmt.Sprintf("%s-identity", clusterID) } @@ -243,7 +242,9 @@ func provider(platform *azure.Platform, mpool *azure.MachinePool, osImage string } if disk.ManagedDisk.DiskEncryptionSet != nil { - dataDisk.ManagedDisk.DiskEncryptionSet = (*machineapi.DiskEncryptionSetParameters)(disk.ManagedDisk.SecurityProfile.DiskEncryptionSet) + dataDisk.ManagedDisk.DiskEncryptionSet = &machineapi.DiskEncryptionSetParameters{ + ID: disk.ManagedDisk.DiskEncryptionSet.ToID(), + } } } 
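Review bot: `diskEncryptionSetResourceID` at the end of the new capzconversions.go formats the same resource ID that `provider` in machines.go appears to take from `DiskEncryptionSet.ToID()` in this same commit, so the two manifest paths can drift on which disk encryption set a data disk is bound to. In `ConvertDataDisk` I would write `ID: d.ManagedDisk.DiskEncryptionSet.ToID(),` and delete the helper. The helper also formats an empty `SubscriptionID`, `ResourceGroup` or `Name` into an ID such as `/subscriptions//resourceGroups/…` without complaint; whether install-config validation already rules that out is not visible here.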
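Review bot: The `@@ -243,7 +242,9` hunk in `provider` changes behaviour, not just types: the removed line read `disk.ManagedDisk.SecurityProfile.DiskEncryptionSet` under a nil check on `disk.ManagedDisk.DiskEncryptionSet`, and the new line reads the field that was actually checked. Because this decides which disk encryption set ID ends up in the generated machine manifest, it deserves a sentence in the commit message and a test case with a data disk that sets `DiskEncryptionSet`; I see none added in the visible hunks. `provider` starts and ends outside the hunk.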
@@ -308,11 +309,11 @@ func getBootDiagnosticObject(diag *azure.BootDiagnostics, cloudName string, role } return nil } - if diag.Type == capz.DisabledDiagnosticsStorage { + if diag.Type == azure.DisabledDiagnosticsStorage { return nil } bootDiagnostics := &machineapi.AzureDiagnostics{Boot: &machineapi.AzureBootDiagnostics{}} - if diag.Type == capz.ManagedDiagnosticsStorage { + if diag.Type == azure.ManagedDiagnosticsStorage { bootDiagnostics.Boot.StorageAccountType = machineapi.AzureManagedAzureDiagnosticsStorage } else { bootDiagnostics.Boot.StorageAccountType = machineapi.CustomerManagedAzureDiagnosticsStorage @@ -345,14 +346,14 @@ func getNetworkInfo(platform *azure.Platform, clusterID, role string, subnetZone networkResourceGroupName = platform.ClusterResourceGroupName(clusterID) } virtualNetworkName := platform.VirtualNetworkName(clusterID) - var subnetRole capz.SubnetRole + var subnetRole azure.SubnetRole var defaultSubnet string switch role { case "worker": - subnetRole = capz.SubnetNode + subnetRole = azure.SubnetNode defaultSubnet = platform.ComputeSubnetName(clusterID) case controlPlaneRoleName: - subnetRole = capz.SubnetControlPlane + subnetRole = azure.SubnetControlPlane defaultSubnet = platform.ControlPlaneSubnetName(clusterID) default: return "", "", nil, fmt.Errorf("unrecognized machine role %s", role) @@ -367,7 +368,7 @@ func getNetworkInfo(platform *azure.Platform, clusterID, role string, subnetZone if len(subnets) == 0 { subnets = append(subnets, defaultSubnet) - if platform.OutboundType == azure.NATGatewayMultiZoneOutboundType && subnetRole == capz.SubnetNode { + if platform.OutboundType == azure.NATGatewayMultiZoneOutboundType && subnetRole == azure.SubnetNode { // Starting from 2 here since there is one already added. For default installs, there has to // be one guaranteed and then for multi zone, we need to add extra per availability zone. // This code will only run if multi zone so the first one is already set and we start from 2. 
diff --git a/pkg/asset/machines/clusterapi.go b/pkg/asset/machines/clusterapi.go index a82ec071e02..331fd7d670a 100644 --- a/pkg/asset/machines/clusterapi.go +++ b/pkg/asset/machines/clusterapi.go @@ -15,7 +15,6 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/utils/ptr" "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2" - "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" @@ -279,7 +278,7 @@ func (c *ClusterAPI) Generate(ctx context.Context, dependencies asset.Parents) e pool.Platform.Azure = &mpool subnet := installConfig.Config.Azure.ControlPlaneSubnetName(clusterID.InfraID) for _, sub := range installConfig.Config.Azure.Subnets { - if sub.Role == v1beta1.SubnetControlPlane { + if sub.Role == azuretypes.SubnetControlPlane { subnet = sub.Name } } diff --git a/pkg/asset/machines/worker.go b/pkg/asset/machines/worker.go index d45fa469855..fd549c92d1e 100644 --- a/pkg/asset/machines/worker.go +++ b/pkg/asset/machines/worker.go @@ -13,7 +13,6 @@ import ( "k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" ipamv1 "sigs.k8s.io/cluster-api/api/ipam/v1beta1" //nolint:staticcheck //CORS-3563 "sigs.k8s.io/yaml" @@ -117,9 +116,9 @@ func defaultAWSMachinePoolPlatform(poolName string) awstypes.MachinePool { } func defaultAzureMachinePoolPlatform(env azuretypes.CloudEnvironment) azuretypes.MachinePool { - idType := capz.VMIdentityUserAssigned + idType := azuretypes.VMIdentityUserAssigned if env == azuretypes.StackCloud { - idType = capz.VMIdentityNone + idType = azuretypes.VMIdentityNone } return azuretypes.MachinePool{ diff --git a/pkg/asset/manifests/azure/cluster.go b/pkg/asset/manifests/azure/cluster.go index fb9a8ab3ffd..f3c724454bd 100644 --- a/pkg/asset/manifests/azure/cluster.go +++ b/pkg/asset/manifests/azure/cluster.go 
@@ -370,13 +370,13 @@ func getSubnetSpec(installConfig *installconfig.InstallConfig, controlPlaneSubne ID: *subnet.ID, SubnetClassSpec: capz.SubnetClassSpec{ Name: spec.Name, - Role: spec.Role, + Role: capz.SubnetRole(spec.Role), CIDRBlocks: stringAddress, }, SecurityGroup: securityGroup, } - if installConfig.Config.Azure.OutboundType == azure.NATGatewayMultiZoneOutboundType && spec.Role == capz.SubnetNode { + if installConfig.Config.Azure.OutboundType == azure.NATGatewayMultiZoneOutboundType && spec.Role == azure.SubnetNode { specGen.NatGateway = capz.NatGateway{ NatGatewayIP: capz.PublicIPSpec{ Name: fmt.Sprintf("%s-publicip-%d", infraID, index), @@ -388,7 +388,7 @@ func getSubnetSpec(installConfig *installconfig.InstallConfig, controlPlaneSubne if zoneIndex == len(zones) { zoneIndex = 0 } - } else if installConfig.Config.Azure.OutboundType == azure.NATGatewaySingleZoneOutboundType && spec.Role == capz.SubnetNode && !singleZoneNatGateway { + } else if installConfig.Config.Azure.OutboundType == azure.NATGatewaySingleZoneOutboundType && spec.Role == azure.SubnetNode && !singleZoneNatGateway { specGen.NatGateway = capz.NatGateway{ NatGatewayIP: capz.PublicIPSpec{ Name: fmt.Sprintf("%s-publicip-%d", infraID, index), @@ -397,8 +397,8 @@ func getSubnetSpec(installConfig *installconfig.InstallConfig, controlPlaneSubne } singleZoneNatGateway = true } - hasControlPlaneSubnet = hasControlPlaneSubnet || spec.Role == capz.SubnetControlPlane - hasComputePlaneSubnet = hasComputePlaneSubnet || spec.Role == capz.SubnetNode + hasControlPlaneSubnet = hasControlPlaneSubnet || spec.Role == azure.SubnetControlPlane + hasComputePlaneSubnet = hasComputePlaneSubnet || spec.Role == azure.SubnetNode subnetSpec = append(subnetSpec, specGen) } zoneIndex = 0 
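Review bot: `Role: capz.SubnetRole(spec.Role)` in `getSubnetSpec` casts inline, while this commit also adds an exported `ConvertSubnetRole` in pkg/asset/machines/azure/capzconversions.go that has no caller in the visible hunks. Either call the helper here or drop it, so installer subnet roles are mapped to CAPZ in one place. Both forms are plain string casts and stay correct only while the new local constants equal CAPZ's, so a small test in a package that may import CAPZ should pin that, e.g. `if ConvertSubnetRole(azure.SubnetNode) != capz.SubnetNode { t.Fatal("SubnetNode drifted from CAPZ") }`, with the same check for the identity and boot-diagnostics values. `getSubnetSpec` continues outside the hunk.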
@@ -457,7 +457,7 @@ func getLBIP(subnets []*net.IPNet, installConfig *installconfig.InstallConfig) ( var controlPlaneSub string for _, subnet := range installConfig.Config.Azure.Subnets { - if subnet.Role == capz.SubnetControlPlane { + if subnet.Role == azure.SubnetControlPlane { controlPlaneSub = subnet.Name } } @@ -497,7 +497,7 @@ func getLBIP(subnets []*net.IPNet, installConfig *installconfig.InstallConfig) ( return lbip, nil } -func getSubnet(installConfig *installconfig.InstallConfig, subnetType capz.SubnetRole, subnetName string) (*aznetwork.Subnet, error) { +func getSubnet(installConfig *installconfig.InstallConfig, subnetType azure.SubnetRole, subnetName string) (*aznetwork.Subnet, error) { var subnet *aznetwork.Subnet azClient, err := installConfig.Azure.Client() @@ -507,13 +507,13 @@ func getSubnet(installConfig *installconfig.InstallConfig, subnetType capz.Subne ctx := context.TODO() switch subnetType { - case capz.SubnetControlPlane: + case azure.SubnetControlPlane: subnet, err = azClient.GetControlPlaneSubnet(ctx, installConfig.Config.Azure.NetworkResourceGroupName, installConfig.Config.Azure.VirtualNetwork, subnetName, ) - case capz.SubnetNode: + case azure.SubnetNode: subnet, err = azClient.GetComputeSubnet(ctx, installConfig.Config.Azure.NetworkResourceGroupName, installConfig.Config.Azure.VirtualNetwork, @@ -595,7 +595,7 @@ func getNextAvailableIPForLoadBalancer(ctx context.Context, installConfig *insta machineCidr := installConfig.Config.MachineNetwork var cpSubnet string for _, subnetSpec := range installConfig.Config.Azure.Subnets { - if subnetSpec.Role == capz.SubnetControlPlane { + if subnetSpec.Role == azure.SubnetControlPlane { cpSubnet = subnetSpec.Name } } diff --git a/pkg/asset/manifests/cloudproviderconfig.go b/pkg/asset/manifests/cloudproviderconfig.go index 0c4d027200b..c9885439dcf 100644 --- a/pkg/asset/manifests/cloudproviderconfig.go +++ b/pkg/asset/manifests/cloudproviderconfig.go 
@@ -10,7 +10,6 @@ import ( "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "sigs.k8s.io/yaml" "github.com/openshift/installer/pkg/asset" @@ -146,7 +145,7 @@ func (cpc *CloudProviderConfig) Generate(ctx context.Context, dependencies asset } subnet := fmt.Sprintf("%s-worker-subnet", clusterID.InfraID) for _, subnetSpec := range installConfig.Config.Azure.Subnets { - if subnetSpec.Role == capz.SubnetNode { + if subnetSpec.Role == azuretypes.SubnetNode { subnet = subnetSpec.Name break } diff --git a/pkg/types/azure/machinepool.go b/pkg/types/azure/machinepool.go index 373d153a6cc..a524c438993 100644 --- a/pkg/types/azure/machinepool.go +++ b/pkg/types/azure/machinepool.go @@ -2,8 +2,6 @@ package azure import ( "fmt" - - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" ) // SecurityTypes represents the SecurityType of the virtual machine. 
@@ -16,6 +14,67 @@ const ( SecurityTypesTrustedLaunch SecurityTypes = "TrustedLaunch" ) +// VMIdentityType defines the identity of the virtual machine, if configured. +// +kubebuilder:validation:Enum=None;SystemAssigned;UserAssigned +type VMIdentityType string + +const ( + // VMIdentityNone ... + VMIdentityNone VMIdentityType = "None" + // VMIdentitySystemAssigned ... + VMIdentitySystemAssigned VMIdentityType = "SystemAssigned" + // VMIdentityUserAssigned ... + VMIdentityUserAssigned VMIdentityType = "UserAssigned" +) + +// BootDiagnosticsStorageAccountType defines the list of valid storage account types +// for the boot diagnostics. +// +kubebuilder:validation:Enum:="Managed";"UserManaged";"Disabled" +type BootDiagnosticsStorageAccountType string + +const ( + // DisabledDiagnosticsStorage is used to determine that the diagnostics storage account + // should be disabled. + DisabledDiagnosticsStorage BootDiagnosticsStorageAccountType = "Disabled" + + // ManagedDiagnosticsStorage is used to determine that the diagnostics storage account + // should be provisioned by Azure. + ManagedDiagnosticsStorage BootDiagnosticsStorageAccountType = "Managed" + + // UserManagedDiagnosticsStorage is used to determine that the diagnostics storage account + // should be provisioned by the User. + UserManagedDiagnosticsStorage BootDiagnosticsStorageAccountType = "UserManaged" +) + +// DataDisk specifies the parameters that are used to add one or more data disks to the machine. +type DataDisk struct { + // NameSuffix is the suffix to be appended to the machine name to generate the disk name. + // Each disk name will be in format _. + NameSuffix string `json:"nameSuffix"` + // DiskSizeGB is the size in GB to assign to the data disk. + DiskSizeGB int32 `json:"diskSizeGB"` + // ManagedDisk specifies the Managed Disk parameters for the data disk. 
+ // +optional + ManagedDisk *DataDiskManagedDiskParameters `json:"managedDisk,omitempty"` + // Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. + // The value must be between 0 and 63. + // +optional + Lun *int32 `json:"lun,omitempty"` + // CachingType specifies the caching requirements. + // +optional + // +kubebuilder:validation:Enum=None;ReadOnly;ReadWrite + CachingType string `json:"cachingType,omitempty"` +} + +// DataDiskManagedDiskParameters defines the parameters of a managed disk for data disks. +type DataDiskManagedDiskParameters struct { + // +optional + StorageAccountType string `json:"storageAccountType,omitempty"` + // DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the managed disk. + // +optional + DiskEncryptionSet *DiskEncryptionSet `json:"diskEncryptionSet,omitempty"` +} + // MachinePool stores the configuration for a machine pool installed // on Azure. type MachinePool struct { @@ -82,7 +141,7 @@ type MachinePool struct { // DataDisk specifies the parameters that are used to add one or more data disks to the machine. // +optional - DataDisks []capz.DataDisk `json:"dataDisks,omitempty"` + DataDisks []DataDisk `json:"dataDisks,omitempty"` } // SecuritySettings define the security type and the UEFI settings of the virtual machine. @@ -164,7 +223,7 @@ type BootDiagnostics struct { // nodes. // Values allowed are Disabled, Managed and UserManaged. // +kubebuilder:validation:Enum=Disabled;Managed;UserManaged - Type capz.BootDiagnosticsStorageAccountType `json:"type"` + Type BootDiagnosticsStorageAccountType `json:"type"` // ResourceGroup specifies the name of the resource group where the // storage account to be used for diagnostics storage is present. 
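Review bot: The type-level marker `+kubebuilder:validation:Enum=None;SystemAssigned;UserAssigned` on `VMIdentityType` admits `SystemAssigned`, but the `VMIdentity.Type` field marker later in this file and `validateIdentity` accept only `None` and `UserAssigned`. I would narrow the type-level enum to `None;UserAssigned`, or say in the doc comment that `VMIdentitySystemAssigned` exists only to mirror CAPZ and is rejected by validation. The constant comments are placeholders (`// VMIdentityNone ...`) and `StorageAccountType` in `DataDiskManagedDiskParameters` has no description; since pkg/types is the installer API, each should say what the value means. The `NameSuffix` comment reads "format _." as shown here, so the name placeholders may have been lost.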
@@ -274,7 +333,7 @@ type VMIdentity struct { // +kubebuilder:validation:Schemaless // +kubebuilder:validation:Type=string // +kubebuilder:validation:Enum=None;UserAssigned - Type capz.VMIdentity `json:"type"` + Type VMIdentityType `json:"type"` // UserAssignedIdentities is a list of identities to be attached to a node. // Only one user-assigned identity may be supplied. diff --git a/pkg/types/azure/platform.go b/pkg/types/azure/platform.go index d1184210318..ed16eb45a04 100644 --- a/pkg/types/azure/platform.go +++ b/pkg/types/azure/platform.go @@ -4,8 +4,6 @@ import ( "fmt" "strings" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" - "github.com/openshift/installer/pkg/types/dns" ) @@ -33,6 +31,17 @@ const ( UserDefinedRoutingOutboundType OutboundType = "UserDefinedRouting" ) +// SubnetRole defines the unique role of a subnet. +type SubnetRole string + +const ( + // SubnetNode defines a Kubernetes workload node role. + SubnetNode SubnetRole = "node" + + // SubnetControlPlane defines a Kubernetes control plane node role. + SubnetControlPlane SubnetRole = "control-plane" +) + // Platform stores all the global configuration that all machinesets // use. type Platform struct { @@ -128,7 +137,7 @@ type SubnetSpec struct { Name string `json:"name"` // Role specifies the actual role which the subnet should be used in. // +kubebuilder:validation:Enum=node;control-plane - Role capz.SubnetRole `json:"role"` + Role SubnetRole `json:"role"` } // KeyVault defines an Azure Key Vault. diff --git a/pkg/types/azure/validation/machinepool.go b/pkg/types/azure/validation/machinepool.go index a02959dc019..3bedff08b11 100644 --- a/pkg/types/azure/validation/machinepool.go +++ b/pkg/types/azure/validation/machinepool.go 
@@ -8,7 +8,6 @@ import ( "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/azure" 
@@ -87,21 +86,21 @@ func ValidateMachinePool(p *azure.MachinePool, poolName string, platform *azure. } if p.BootDiagnostics != nil { - validValues := sets.NewString(string(capz.DisabledDiagnosticsStorage), string(capz.ManagedDiagnosticsStorage), string(capz.UserManagedDiagnosticsStorage)) + validValues := sets.NewString(string(azure.DisabledDiagnosticsStorage), string(azure.ManagedDiagnosticsStorage), string(azure.UserManagedDiagnosticsStorage)) if !validValues.Has(string(p.BootDiagnostics.Type)) { allErrs = append(allErrs, field.NotSupported(fldPath.Child("bootDiagnostics").Child("type"), p.BootDiagnostics.Type, validValues.List())) } - if p.BootDiagnostics.Type == capz.ManagedDiagnosticsStorage && platform.CloudName == azure.StackCloud { + if p.BootDiagnostics.Type == azure.ManagedDiagnosticsStorage && platform.CloudName == azure.StackCloud { allErrs = append(allErrs, field.Invalid(fldPath.Child("bootDiagnostics").Child("StorageAccountURI"), p.BootDiagnostics.Type, "managed type not supported by azure stack. 
Use UserManaged instead.")) } - if p.BootDiagnostics.Type != capz.UserManagedDiagnosticsStorage { + if p.BootDiagnostics.Type != azure.UserManagedDiagnosticsStorage { if p.BootDiagnostics.ResourceGroup != "" { allErrs = append(allErrs, field.Invalid(fldPath.Child("bootDiagnostics").Child("ResourceGroup"), p.BootDiagnostics.ResourceGroup, "resourceGroup can only be specified if type is set to UserManaged.")) } if p.BootDiagnostics.StorageAccountName != "" { allErrs = append(allErrs, field.Invalid(fldPath.Child("bootDiagnostics").Child("StorageAccountName"), p.BootDiagnostics.StorageAccountName, "storageAccountName can only be specified if type is set to UserManaged.")) } - } else if p.BootDiagnostics.Type == capz.UserManagedDiagnosticsStorage { + } else if p.BootDiagnostics.Type == azure.UserManagedDiagnosticsStorage { if p.BootDiagnostics.ResourceGroup == "" { allErrs = append(allErrs, field.Invalid(fldPath.Child("bootDiagnostics").Child("ResourceGroup"), p.BootDiagnostics.ResourceGroup, "resourceGroup must be specified if type is set to UserManaged.")) } 
@@ -328,16 +327,16 @@ func validateIdentity(poolName string, p *azure.MachinePool, fldPath *field.Path return append(errs, field.Required(fldPath.Child("type"), "type must be specified if using identity")) } - if id.Type != capz.VMIdentityNone && id.Type != capz.VMIdentityUserAssigned { - supportedValues := []capz.VMIdentity{capz.VMIdentityNone, capz.VMIdentityUserAssigned} + if id.Type != azure.VMIdentityNone && id.Type != azure.VMIdentityUserAssigned { + supportedValues := []azure.VMIdentityType{azure.VMIdentityNone, azure.VMIdentityUserAssigned} return append(errs, field.NotSupported(fldPath.Child("type"), id.Type, supportedValues)) } - if id.Type == capz.VMIdentityUserAssigned && len(id.UserAssignedIdentities) == 0 { + if id.Type == azure.VMIdentityUserAssigned && len(id.UserAssignedIdentities) == 0 { logrus.Warn("Identity type is set to UserAssigned but no user-assigned identities are specified. A user-assigned identity will be created, which requires the User Access Admin role.") } - if id.UserAssignedIdentities != nil && id.Type != capz.VMIdentityUserAssigned { + if id.UserAssignedIdentities != nil && id.Type != azure.VMIdentityUserAssigned { errs = append(errs, field.Invalid(fldPath.Child("type"), id.Type, "userAssignedIdentities may only be used with type: UserAssigned")) } diff --git a/pkg/types/azure/validation/machinepool_test.go b/pkg/types/azure/validation/machinepool_test.go index e75802fe787..06bf13744c1 100644 --- a/pkg/types/azure/validation/machinepool_test.go +++ b/pkg/types/azure/validation/machinepool_test.go @@ -7,7 +7,6 @@ import ( "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/pointer" "k8s.io/utils/ptr" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/azure" 
@@ -101,7 +100,7 @@ func TestValidateMachinePool(t *testing.T) { }}, Platform: types.MachinePoolPlatform{ Azure: &azure.MachinePool{ - DataDisks: []capz.DataDisk{{ + DataDisks: []azure.DataDisk{{ NameSuffix: "etcd", DiskSizeGB: 1, ManagedDisk: nil, @@ -127,7 +126,7 @@ func TestValidateMachinePool(t *testing.T) { }}, Platform: types.MachinePoolPlatform{ Azure: &azure.MachinePool{ - DataDisks: []capz.DataDisk{{ + DataDisks: []azure.DataDisk{{ NameSuffix: "etcd", DiskSizeGB: 1, ManagedDisk: nil, @@ -152,7 +151,7 @@ func TestValidateMachinePool(t *testing.T) { }}, Platform: types.MachinePoolPlatform{ Azure: &azure.MachinePool{ - DataDisks: []capz.DataDisk{{ + DataDisks: []azure.DataDisk{{ NameSuffix: "foo", DiskSizeGB: 1, ManagedDisk: nil, @@ -177,7 +176,7 @@ func TestValidateMachinePool(t *testing.T) { }}, Platform: types.MachinePoolPlatform{ Azure: &azure.MachinePool{ - DataDisks: []capz.DataDisk{{ + DataDisks: []azure.DataDisk{{ NameSuffix: "etcd", DiskSizeGB: 1, ManagedDisk: nil, @@ -202,7 +201,7 @@ func TestValidateMachinePool(t *testing.T) { }}, Platform: types.MachinePoolPlatform{ Azure: &azure.MachinePool{ - DataDisks: []capz.DataDisk{{ + DataDisks: []azure.DataDisk{{ NameSuffix: "etcd", DiskSizeGB: 0, ManagedDisk: nil, @@ -222,7 +221,7 @@ func TestValidateMachinePool(t *testing.T) { DiskSetup: []types.Disk{}, Platform: types.MachinePoolPlatform{ Azure: &azure.MachinePool{ - DataDisks: []capz.DataDisk{{ + DataDisks: []azure.DataDisk{{ NameSuffix: "etcd", DiskSizeGB: 0, ManagedDisk: nil, @@ -256,7 +255,7 @@ func TestValidateMachinePool(t *testing.T) { }, Platform: types.MachinePoolPlatform{ Azure: &azure.MachinePool{ - DataDisks: []capz.DataDisk{ + DataDisks: []azure.DataDisk{ { NameSuffix: "etcd", DiskSizeGB: 1, 
@@ -846,7 +845,7 @@ func TestValidateMachinePool(t *testing.T) { Platform: types.MachinePoolPlatform{ Azure: &azure.MachinePool{ Identity: &azure.VMIdentity{ - Type: capz.VMIdentityNone, + Type: azure.VMIdentityNone, UserAssignedIdentities: []azure.UserAssignedIdentity{}, }, }, diff --git a/pkg/types/azure/validation/platform.go b/pkg/types/azure/validation/platform.go index 384c50f8038..d8eb019869d 100644 --- a/pkg/types/azure/validation/platform.go +++ b/pkg/types/azure/validation/platform.go @@ -7,7 +7,6 @@ import ( "strings" "k8s.io/apimachinery/pkg/util/validation/field" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/azure" @@ -78,12 +77,12 @@ func ValidatePlatform(p *azure.Platform, publish types.PublishingStrategy, fldPa } subnetSpecList[subnets.Name] = true switch subnets.Role { - case capz.SubnetControlPlane: + case azure.SubnetControlPlane: if hasControlPlane { allErrs = append(allErrs, field.Invalid(fldPath.Child("subnets"), subnets.Name, "CAPZ currently does not support multiple control plane subnets")) } hasControlPlane = true - case capz.SubnetNode: + case azure.SubnetNode: numCompute++ default: allErrs = append(allErrs, field.Invalid(fldPath.Child("subnets"), subnets.Name, fmt.Sprintf("role %s not supported", subnets.Role))) diff --git a/pkg/types/azure/validation/platform_test.go b/pkg/types/azure/validation/platform_test.go index 14ba4b48775..4bc7a9c695f 100644 --- a/pkg/types/azure/validation/platform_test.go +++ b/pkg/types/azure/validation/platform_test.go @@ -5,7 +5,6 @@ import ( "github.com/stretchr/testify/assert" "k8s.io/apimachinery/pkg/util/validation/field" - "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/azure" 
@@ -27,11 +26,11 @@ func validNetworkPlatform() *azure.Platform { p.Subnets = []azure.SubnetSpec{ { Name: "controlplanesubnet", - Role: v1beta1.SubnetControlPlane, + Role: azure.SubnetControlPlane, }, { Name: "computesubnet", - Role: v1beta1.SubnetNode, + Role: azure.SubnetNode, }, } diff --git a/pkg/types/azure/zz_generated.deepcopy.go b/pkg/types/azure/zz_generated.deepcopy.go index cfa61e91fe6..e828c82cddd 100644 --- a/pkg/types/azure/zz_generated.deepcopy.go +++ b/pkg/types/azure/zz_generated.deepcopy.go @@ -5,10 +5,6 @@ package azure -import ( - v1beta1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" -) - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootDiagnostics) DeepCopyInto(out *BootDiagnostics) { *out = *in 
@@ -63,6 +59,53 @@ func (in *CustomerManagedKey) DeepCopy() *CustomerManagedKey { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataDisk) DeepCopyInto(out *DataDisk) { + *out = *in + if in.ManagedDisk != nil { + in, out := &in.ManagedDisk, &out.ManagedDisk + *out = new(DataDiskManagedDiskParameters) + (*in).DeepCopyInto(*out) + } + if in.Lun != nil { + in, out := &in.Lun, &out.Lun + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataDisk. +func (in *DataDisk) DeepCopy() *DataDisk { + if in == nil { + return nil + } + out := new(DataDisk) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DataDiskManagedDiskParameters) DeepCopyInto(out *DataDiskManagedDiskParameters) { + *out = *in + if in.DiskEncryptionSet != nil { + in, out := &in.DiskEncryptionSet, &out.DiskEncryptionSet + *out = new(DiskEncryptionSet) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataDiskManagedDiskParameters. +func (in *DataDiskManagedDiskParameters) DeepCopy() *DataDiskManagedDiskParameters { + if in == nil { + return nil + } + out := new(DataDiskManagedDiskParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DiskEncryptionSet) DeepCopyInto(out *DiskEncryptionSet) { *out = *in @@ -122,7 +165,7 @@ func (in *MachinePool) DeepCopyInto(out *MachinePool) { } if in.DataDisks != nil { in, out := &in.DataDisks, &out.DataDisks - *out = make([]v1beta1.DataDisk, len(*in)) + *out = make([]DataDisk, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } 
diff --git a/pkg/types/conversion/installconfig.go b/pkg/types/conversion/installconfig.go index dbf3c32fa5a..8983a1902d4 100644 --- a/pkg/types/conversion/installconfig.go +++ b/pkg/types/conversion/installconfig.go @@ -7,7 +7,6 @@ import ( "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/util/validation/field" utilsslice "k8s.io/utils/strings/slices" - "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" operv1 "github.com/openshift/api/operator/v1" "github.com/openshift/installer/pkg/ipnet" @@ -342,13 +341,13 @@ func convertAzure(config *types.InstallConfig) error { if config.Azure.DeprecatedControlPlaneSubnet != "" { // nolint: staticcheck subnets = append(subnets, azure.SubnetSpec{ Name: config.Azure.DeprecatedControlPlaneSubnet, // nolint: staticcheck - Role: v1beta1.SubnetControlPlane, + Role: azure.SubnetControlPlane, }) } if config.Azure.DeprecatedComputeSubnet != "" { // nolint: staticcheck subnets = append(subnets, azure.SubnetSpec{ Name: config.Azure.DeprecatedComputeSubnet, // nolint: staticcheck - Role: v1beta1.SubnetNode, + Role: azure.SubnetNode, }) } config.Azure.Subnets = subnets diff --git a/pkg/types/utils.go b/pkg/types/utils.go index 68de16d000c..287faae0456 100644 --- a/pkg/types/utils.go +++ b/pkg/types/utils.go @@ -5,7 +5,6 @@ import ( "os" "github.com/sirupsen/logrus" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" configv1 "github.com/openshift/api/config/v1" features "github.com/openshift/api/features" 
@@ -70,19 +69,19 @@ func (c *InstallConfig) CreateAzureIdentity() bool { if dmp := c.Azure.DefaultMachinePlatform; dmp != nil { defaultID = dmp.Identity } - defaultNeedsID := defaultID == nil || (defaultID.Type == capz.VMIdentityUserAssigned && len(defaultID.UserAssignedIdentities) == 0) + defaultNeedsID := defaultID == nil || (defaultID.Type == azure.VMIdentityUserAssigned && len(defaultID.UserAssignedIdentities) == 0) var computeID *azure.VMIdentity if comp := c.Compute; len(comp) > 0 && comp[0].Platform.Azure != nil { computeID = comp[0].Platform.Azure.Identity } - computeNeedsID := computeID == nil || (computeID.Type == capz.VMIdentityUserAssigned && len(computeID.UserAssignedIdentities) == 0) + computeNeedsID := computeID == nil || (computeID.Type == azure.VMIdentityUserAssigned && len(computeID.UserAssignedIdentities) == 0) var cpID *azure.VMIdentity if cp := c.ControlPlane; cp != nil && cp.Platform.Azure != nil { cpID = cp.Platform.Azure.Identity } - cpNeedsID := cpID == nil || (cpID.Type == capz.VMIdentityUserAssigned && len(cpID.UserAssignedIdentities) == 0) + cpNeedsID := cpID == nil || (cpID.Type == azure.VMIdentityUserAssigned && len(cpID.UserAssignedIdentities) == 0) return defaultNeedsID && (computeNeedsID || cpNeedsID) } diff --git a/pkg/types/utils_test.go b/pkg/types/utils_test.go index c256cd99405..1775df7d678 100644 --- a/pkg/types/utils_test.go +++ b/pkg/types/utils_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" configv1 "github.com/openshift/api/config/v1" "github.com/openshift/installer/pkg/ipnet" @@ -116,7 +115,7 @@ func TestCreateAzureIdentity(t *testing.T) { ic := baseInstallConfig() ic.Platform.Azure.DefaultMachinePlatform = &azure.MachinePool{ Identity: &azure.VMIdentity{ - Type: capz.VMIdentityNone, + Type: azure.VMIdentityNone, }, } return ic 
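Review bot: The predicate behind defaultNeedsID, computeNeedsID and cpNeedsID in CreateAzureIdentity is written out three times, and this rename had to touch every copy. An unexported helper such as `func needsCreatedIdentity(id *azure.VMIdentity) bool { return id == nil || (id.Type == azure.VMIdentityUserAssigned && len(id.UserAssignedIdentities) == 0) }` would keep the three call sites in step. Only `comp[0]` is consulted for compute, so further compute pools do not influence the result; if that is intended, a short comment saying so would help, since this return value appears to decide whether the installer creates an identity on the user's behalf. The function begins outside the hunk.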
@@ -129,7 +128,7 @@ func TestCreateAzureIdentity(t *testing.T) { ic := baseInstallConfig() ic.Platform.Azure.DefaultMachinePlatform = &azure.MachinePool{ Identity: &azure.VMIdentity{ - Type: capz.VMIdentityUserAssigned, + Type: azure.VMIdentityUserAssigned, }, } return ic @@ -142,11 +141,11 @@ func TestCreateAzureIdentity(t *testing.T) { ic := baseInstallConfig() ic.Platform.Azure.DefaultMachinePlatform = &azure.MachinePool{ Identity: &azure.VMIdentity{ - Type: capz.VMIdentityUserAssigned, + Type: azure.VMIdentityUserAssigned, }, } ic.ControlPlane.Platform.Azure.Identity = &azure.VMIdentity{ - Type: capz.VMIdentityUserAssigned, + Type: azure.VMIdentityUserAssigned, UserAssignedIdentities: []azure.UserAssignedIdentity{ { Name: "test", @@ -165,7 +164,7 @@ func TestCreateAzureIdentity(t *testing.T) { ic := baseInstallConfig() ic.Platform.Azure.DefaultMachinePlatform = &azure.MachinePool{ Identity: &azure.VMIdentity{ - Type: capz.VMIdentityUserAssigned, + Type: azure.VMIdentityUserAssigned, UserAssignedIdentities: []azure.UserAssignedIdentity{ { Name: "test", diff --git a/pkg/types/validation/featuregate_test.go b/pkg/types/validation/featuregate_test.go index 0d454d3e3ed..9858689b4f1 100644 --- a/pkg/types/validation/featuregate_test.go +++ b/pkg/types/validation/featuregate_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" v1 "github.com/openshift/api/config/v1" "github.com/openshift/installer/pkg/types" @@ -109,7 +108,7 @@ func TestFeatureGates(t *testing.T) { c.Azure = &azure.Platform{} c.ControlPlane.Platform.Azure = &azure.MachinePool{ Identity: &azure.VMIdentity{ - Type: capz.VMIdentityUserAssigned, + Type: azure.VMIdentityUserAssigned, UserAssignedIdentities: []azure.UserAssignedIdentity{ { Name: "first-identity", 
@@ -136,7 +135,7 @@ func TestFeatureGates(t *testing.T) { c.Azure = &azure.Platform{} c.Azure.DefaultMachinePlatform = &azure.MachinePool{ Identity: &azure.VMIdentity{ - Type: capz.VMIdentityUserAssigned, + Type: azure.VMIdentityUserAssigned, UserAssignedIdentities: []azure.UserAssignedIdentity{ { Name: "first-identity", @@ -163,7 +162,7 @@ func TestFeatureGates(t *testing.T) { c.Azure = &azure.Platform{} c.ControlPlane.Platform.Azure = &azure.MachinePool{ Identity: &azure.VMIdentity{ - Type: capz.VMIdentityUserAssigned, + Type: azure.VMIdentityUserAssigned, UserAssignedIdentities: []azure.UserAssignedIdentity{ { Name: "solo-bolo!", From 607ad9a235be4af55cb54a54a233b2da8ec7b291 Mon Sep 17 00:00:00 2001 From: Patrick Dillon Date: Fri, 16 Jan 2026 16:18:11 -0500 Subject: [PATCH 2/4] fixup! pkg/types: remove cluster-api-provider-azure --- .../install.openshift.io_installconfigs.yaml | 173 ++++++------------ pkg/asset/machines/azure/azuremachines.go | 10 +- pkg/asset/machines/azure/capzconversions.go | 22 +-- 3 files changed, 64 insertions(+), 141 deletions(-) diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml index cf0ebc88ca1..c9a5ef73847 100644 --- a/data/data/install.openshift.io_installconfigs.yaml +++ b/data/data/install.openshift.io_installconfigs.yaml 
@@ -359,39 +359,24 @@ spec: disk encryption set resource id for the managed disk. properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription + name: + description: Name is the name of the disk encryption + set. type: string - type: object - securityProfile: - description: SecurityProfile specifies the security - profile for the managed disk. - properties: - diskEncryptionSet: + resourceGroup: description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: + ResourceGroup defines the Azure resource group used by the disk + encryption set. + type: string + subscriptionId: description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState + SubscriptionID defines the Azure subscription the disk encryption + set is in. type: string + required: + - name + - resourceGroup + - subscriptionId type: object storageAccountType: type: string 
@@ -1919,40 +1904,24 @@ spec: disk encryption set resource id for the managed disk. properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription + name: + description: Name is the name of the disk + encryption set. type: string - type: object - securityProfile: - description: SecurityProfile specifies the security - profile for the managed disk. - properties: - diskEncryptionSet: + resourceGroup: description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for - diskEncryptionSet resource. It must - be in the same subscription - type: string - type: object - securityEncryptionType: + ResourceGroup defines the Azure resource group used by the disk + encryption set. + type: string + subscriptionId: description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState + SubscriptionID defines the Azure subscription the disk encryption + set is in. type: string + required: + - name + - resourceGroup + - subscriptionId type: object storageAccountType: type: string 
@@ -3419,39 +3388,24 @@ spec: disk encryption set resource id for the managed disk. properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription + name: + description: Name is the name of the disk encryption + set. type: string - type: object - securityProfile: - description: SecurityProfile specifies the security - profile for the managed disk. - properties: - diskEncryptionSet: + resourceGroup: description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: + ResourceGroup defines the Azure resource group used by the disk + encryption set. + type: string + subscriptionId: description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState + SubscriptionID defines the Azure subscription the disk encryption + set is in. type: string + required: + - name + - resourceGroup + - subscriptionId type: object storageAccountType: type: string 
@@ -5361,39 +5315,24 @@ spec: disk encryption set resource id for the managed disk. properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription + name: + description: Name is the name of the disk encryption + set. type: string - type: object - securityProfile: - description: SecurityProfile specifies the security - profile for the managed disk. - properties: - diskEncryptionSet: + resourceGroup: description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: + ResourceGroup defines the Azure resource group used by the disk + encryption set. + type: string + subscriptionId: description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState + SubscriptionID defines the Azure subscription the disk encryption + set is in. type: string + required: + - name + - resourceGroup + - subscriptionId type: object storageAccountType: type: string diff --git a/pkg/asset/machines/azure/azuremachines.go b/pkg/asset/machines/azure/azuremachines.go index 4a794b7eb60..2d835ec16a1 100644 --- a/pkg/asset/machines/azure/azuremachines.go +++ b/pkg/asset/machines/azure/azuremachines.go 
@@ -137,7 +137,7 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * } if in.Platform.DefaultMachinePlatform != nil && in.Platform.DefaultMachinePlatform.BootDiagnostics != nil { - defaultDiag.Boot.StorageAccountType = ConvertBootDiagnosticsStorageAccountType(in.Platform.DefaultMachinePlatform.BootDiagnostics.Type) + defaultDiag.Boot.StorageAccountType = capz.BootDiagnosticsStorageAccountType(in.Platform.DefaultMachinePlatform.BootDiagnostics.Type) if saURI := bootDiagStorageURIBuilder(in.Platform.DefaultMachinePlatform.BootDiagnostics, session.Environment.StorageEndpointSuffix); saURI != "" { defaultDiag.Boot.UserManaged = &capz.UserManagedBootDiagnostics{ StorageAccountURI: saURI, @@ -149,10 +149,10 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * if mpool.BootDiagnostics != nil { controlPlaneDiag = &capz.Diagnostics{ Boot: &capz.BootDiagnostics{ - StorageAccountType: ConvertBootDiagnosticsStorageAccountType(mpool.BootDiagnostics.Type), + StorageAccountType: capz.BootDiagnosticsStorageAccountType(mpool.BootDiagnostics.Type), }, } - controlPlaneDiag.Boot.StorageAccountType = ConvertBootDiagnosticsStorageAccountType(mpool.BootDiagnostics.Type) + controlPlaneDiag.Boot.StorageAccountType = capz.BootDiagnosticsStorageAccountType(mpool.BootDiagnostics.Type) if saURI := bootDiagStorageURIBuilder(mpool.BootDiagnostics, session.Environment.StorageEndpointSuffix); saURI != "" { controlPlaneDiag.Boot.UserManaged = &capz.UserManagedBootDiagnostics{ StorageAccountURI: saURI, 
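Review bot: The conversions `capz.BootDiagnosticsStorageAccountType(...)` in both GenerateMachines hunks here, and `capz.VMIdentity(mpool.Identity.Type)` in the two hunks that follow, compile for any string, so they stay correct only while the local constants in pkg/types/azure carry the same string values as CAPZ's. Nothing visible pins that; a small table test in this package comparing each pair (for example `string(aztypes.VMIdentityUserAssigned) == string(capz.VMIdentityUserAssigned)`) would turn silent drift on a CAPZ bump into a test failure. Separately, in the second hunk `controlPlaneDiag.Boot.StorageAccountType = ...` repeats the value already set in the struct literal just above it and can be dropped. GenerateMachines starts and ends outside these hunks.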
@@ -191,7 +191,7 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * AcceleratedNetworking: ptr.To(mpool.VMNetworkingType == string(aztypes.VMnetworkingTypeAccelerated) || mpool.VMNetworkingType == string(aztypes.AcceleratedNetworkingEnabled)), }, }, - Identity: ConvertVMIdentityType(mpool.Identity.Type), + Identity: capz.VMIdentity(mpool.Identity.Type), UserAssignedIdentities: userAssignedIdentities, Diagnostics: controlPlaneDiag, DataDisks: ConvertDataDisks(mpool.DataDisks), @@ -266,7 +266,7 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * AllocatePublicIP: !in.Private, AdditionalCapabilities: additionalCapabilities, SecurityProfile: securityProfile, - Identity: ConvertVMIdentityType(mpool.Identity.Type), + Identity: capz.VMIdentity(mpool.Identity.Type), Diagnostics: controlPlaneDiag, UserAssignedIdentities: userAssignedIdentities, }, diff --git a/pkg/asset/machines/azure/capzconversions.go b/pkg/asset/machines/azure/capzconversions.go index 8c7f68476fb..57c2f0911d7 100644 --- a/pkg/asset/machines/azure/capzconversions.go +++ b/pkg/asset/machines/azure/capzconversions.go 
@@ -8,22 +8,6 @@ import ( "github.com/openshift/installer/pkg/types/azure" ) -// ConvertVMIdentityType converts the local VMIdentityType to the capz VMIdentity type. -func ConvertVMIdentityType(id azure.VMIdentityType) capz.VMIdentity { - return capz.VMIdentity(id) -} - -// ConvertSubnetRole converts the local SubnetRole to the capz SubnetRole type. -func ConvertSubnetRole(role azure.SubnetRole) capz.SubnetRole { - return capz.SubnetRole(role) -} - -// ConvertBootDiagnosticsStorageAccountType converts the local BootDiagnosticsStorageAccountType -// to the capz BootDiagnosticsStorageAccountType. -func ConvertBootDiagnosticsStorageAccountType(t azure.BootDiagnosticsStorageAccountType) capz.BootDiagnosticsStorageAccountType { - return capz.BootDiagnosticsStorageAccountType(t) -} - // ConvertDataDisks converts a slice of local DataDisk to capz DataDisk types. func ConvertDataDisks(disks []azure.DataDisk) []capz.DataDisk { if disks == nil { @@ -32,13 +16,13 @@ func ConvertDataDisks(disks []azure.DataDisk) []capz.DataDisk { result := make([]capz.DataDisk, len(disks)) for i, d := range disks { - result[i] = ConvertDataDisk(d) + result[i] = convertDataDisk(d) } return result } -// ConvertDataDisk converts a local DataDisk to a capz DataDisk. -func ConvertDataDisk(d azure.DataDisk) capz.DataDisk { +// convertDataDisk converts a local DataDisk to a capz DataDisk. +func convertDataDisk(d azure.DataDisk) capz.DataDisk { disk := capz.DataDisk{ NameSuffix: d.NameSuffix, DiskSizeGB: d.DiskSizeGB, From c4ea90bcfb1ed79f489a2b6ec278323c8fc554d9 Mon Sep 17 00:00:00 2001 
From: Patrick Dillon Date: Wed, 21 Jan 2026 12:41:48 -0500 Subject: [PATCH 3/4] fixup! fixup! pkg/types: remove cluster-api-provider-azure --- pkg/asset/machines/azure/azuremachines.go | 2 +- pkg/asset/machines/azure/capzconversions.go | 51 --------------------- pkg/asset/machines/azure/types.go | 46 +++++++++++++++++++ 3 files changed, 47 insertions(+), 52 deletions(-) delete mode 100644 pkg/asset/machines/azure/capzconversions.go create mode 100644 pkg/asset/machines/azure/types.go diff --git a/pkg/asset/machines/azure/azuremachines.go b/pkg/asset/machines/azure/azuremachines.go index 2d835ec16a1..59bc039041e 100644 --- a/pkg/asset/machines/azure/azuremachines.go +++ b/pkg/asset/machines/azure/azuremachines.go @@ -194,7 +194,7 @@ func GenerateMachines(clusterID, resourceGroup, subscriptionID string, session * Identity: capz.VMIdentity(mpool.Identity.Type), UserAssignedIdentities: userAssignedIdentities, Diagnostics: controlPlaneDiag, - DataDisks: ConvertDataDisks(mpool.DataDisks), + DataDisks: capzDataDisks(mpool.DataDisks), }, } diff --git a/pkg/asset/machines/azure/capzconversions.go b/pkg/asset/machines/azure/capzconversions.go deleted file mode 100644 index 57c2f0911d7..00000000000 --- a/pkg/asset/machines/azure/capzconversions.go +++ /dev/null 
@@ -1,51 +0,0 @@ -package azure - -import ( - "fmt" - - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" - - "github.com/openshift/installer/pkg/types/azure" -) - -// ConvertDataDisks converts a slice of local DataDisk to capz DataDisk types. -func ConvertDataDisks(disks []azure.DataDisk) []capz.DataDisk { - if disks == nil { - return nil - } - - result := make([]capz.DataDisk, len(disks)) - for i, d := range disks { - result[i] = convertDataDisk(d) - } - return result -} - -// convertDataDisk converts a local DataDisk to a capz DataDisk. -func convertDataDisk(d azure.DataDisk) capz.DataDisk { - disk := capz.DataDisk{ - NameSuffix: d.NameSuffix, - DiskSizeGB: d.DiskSizeGB, - Lun: d.Lun, - CachingType: d.CachingType, - } - - if d.ManagedDisk != nil { - disk.ManagedDisk = &capz.ManagedDiskParameters{ - StorageAccountType: d.ManagedDisk.StorageAccountType, - } - if d.ManagedDisk.DiskEncryptionSet != nil { - disk.ManagedDisk.DiskEncryptionSet = &capz.DiskEncryptionSetParameters{ - ID: diskEncryptionSetResourceID(d.ManagedDisk.DiskEncryptionSet), - } - } - } - - return disk -} - -// diskEncryptionSetResourceID returns the Azure resource ID for a disk encryption set. -func diskEncryptionSetResourceID(des *azure.DiskEncryptionSet) string { - return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/diskEncryptionSets/%s", - des.SubscriptionID, des.ResourceGroup, des.Name) -} diff --git a/pkg/asset/machines/azure/types.go b/pkg/asset/machines/azure/types.go new file mode 100644 index 00000000000..d31b35f1c2d --- /dev/null +++ b/pkg/asset/machines/azure/types.go 
@@ -0,0 +1,46 @@ +package azure + +import ( + "fmt" + + capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" + + "github.com/openshift/installer/pkg/types/azure" +) + +// capzDataDisks converts a slice of local DataDisk to capz DataDisk types. +func capzDataDisks(disks []azure.DataDisk) []capz.DataDisk { + if disks == nil { + return nil + } + + result := make([]capz.DataDisk, len(disks)) + for i, d := range disks { + disk := capz.DataDisk{ + NameSuffix: d.NameSuffix, + DiskSizeGB: d.DiskSizeGB, + Lun: d.Lun, + CachingType: d.CachingType, + } + + if d.ManagedDisk != nil { + disk.ManagedDisk = &capz.ManagedDiskParameters{ + StorageAccountType: d.ManagedDisk.StorageAccountType, + } + if d.ManagedDisk.DiskEncryptionSet != nil { + disk.ManagedDisk.DiskEncryptionSet = &capz.DiskEncryptionSetParameters{ + ID: diskEncryptionSetResourceID(d.ManagedDisk.DiskEncryptionSet), + } + } + } + + result[i] = disk + } + return result +} + +// diskEncryptionSetResourceID returns the Azure resource ID for a disk encryption set. +func diskEncryptionSetResourceID(des *azure.DiskEncryptionSet) string { + return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/diskEncryptionSets/%s", + des.SubscriptionID, des.ResourceGroup, des.Name) +} From d483902cfef382a6fe119f38fcf7d19ba24f91a5 Mon Sep 17 00:00:00 2001 From: Patrick Dillon Date: Wed, 21 Jan 2026 12:54:19 -0500 Subject: [PATCH 4/4] fixup! fixup! fixup! pkg/types: remove cluster-api-provider-azure --- pkg/types/azure/machinepool.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkg/types/azure/machinepool.go b/pkg/types/azure/machinepool.go index a524c438993..03469604441 100644 --- a/pkg/types/azure/machinepool.go +++ b/pkg/types/azure/machinepool.go 
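Review bot: diskEncryptionSetResourceID interpolates SubscriptionID, ResourceGroup and Name into the resource ID verbatim, so an empty field or one containing `/` produces an ID that names a different path or is rejected only when the machine is created. The CAPZ field description removed from the CRD earlier in this series says the set must be in the same subscription, while the subscription is now free-form input; whether install-config validation elsewhere checks these three fields is not visible here. I would state the precondition on the function, e.g. `// The fields are used verbatim; callers must pass values already validated as single resource-ID segments.`, and confirm that validation exists, since this ID selects the customer-managed key that encrypts the data disk.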
@@ -15,14 +15,12 @@ const ( ) // VMIdentityType defines the identity of the virtual machine, if configured. -// +kubebuilder:validation:Enum=None;SystemAssigned;UserAssigned +// +kubebuilder:validation:Enum=None;UserAssigned type VMIdentityType string const ( // VMIdentityNone ... VMIdentityNone VMIdentityType = "None" - // VMIdentitySystemAssigned ... - VMIdentitySystemAssigned VMIdentityType = "SystemAssigned" // VMIdentityUserAssigned ... VMIdentityUserAssigned VMIdentityType = "UserAssigned" )
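Review bot: The enum marker on VMIdentityType now reads `None;UserAssigned`, but this patch's diffstat lists only machinepool.go, so the generated schema in data/data/install.openshift.io_installconfigs.yaml presumably still lists SystemAssigned for the identity type. If so, the published schema and the Go type disagree about which values are accepted; regenerating the CRD in the same commit would keep them aligned. The placeholder comments `// VMIdentityNone ...` and `// VMIdentityUserAssigned ...` could also say what each value means, e.g. `// VMIdentityNone attaches no managed identity to the VM.`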